How To Access Your PCs and Servers from Anywhere Using Guacamole and Cloudflare Tunnels

Warning: failure to secure this container properly could result in a compromised server.

So just over a year ago I released a video about a Docker service (not necessarily just a Docker service, but in our case a Docker service) called Guacamole. Now the cool thing about Guacamole is that you can use it to remotely access all kinds of different services, devices, whatever, on your network. Now I primarily use it for remote desktop into the PC that I'm on right now. I've also added my laptop to that just to do some testing, but also I've got it set up to access my Synology device via SSH, my Proxmox server via SSH, and a couple of other different services or servers on my network, again via SSH, just so that in case I'm away from the house and I need to manage something, reboot something, whatever the case is, I've got one central location to log into and manage all of my devices remotely. That's kind of the idea behind Guacamole.

This video is sponsored by Linode. I've been partnering with Linode for quite a while now because it's a great place to host just about anything you could want to host. Need a dedicated space to host an app? Linode has you covered with more than 100 pre-built apps that can be installed with just a couple of clicks. Want to develop an app on your favorite flavor of Linux? Linode has you covered there too, with more than 30 different options to start with. Need to do some pen testing on your own network or app? Install a Kali Linux setup in just a few clicks to get started with testing your own security. You can also host a Docker setup, a Kubernetes cluster and more with just a few clicks. From hosting a single website to complex multi-cloud deployments, find enterprise-level capabilities like object storage, Kubernetes and GPUs at a 30 to 50 percent lower cost than the major cloud providers. Be sure to check out the link in the video description to get a hundred dollars in free credit for 60 days to see what you can do with Linode.

Now, more recently I've been talking
a little bit more about Cloudflare, and more specifically Cloudflare tunnels, and as a result of that several people have asked me to make a video showing how to get Guacamole set up with Cloudflare tunnels. Now in this video I'm going to show how to get Guacamole set up. I'm actually going to set up a different version than what I showed in the original version, because as it turns out the oznu version that I've been using forever now hasn't been updated in two years. So I found another easy-to-install Docker container for Guacamole that was updated four days ago, and that makes me feel a little bit better about using it. So we're going to cover how to get that installed, we're going to show how to get an RDP client set up (that's remote desktop for Windows) as well as some SSH stuff, and we're also going to show how to get a tunnel configured to work with Guacamole.

Now there are some prerequisites to this video, the first one being Docker. Docker is going to be super helpful since we're dealing with Docker here. I'm also going to do some stuff in Portainer. You don't have to do a Portainer installation of the Guacamole container, but I'm going to use Portainer for this just because it's easier. Also, it would be super, super helpful if you had some foundational knowledge of Cloudflare tunnels and how to get them set up and that sort of thing. I don't want to go too much into depth on configuring Cloudflare tunnels and security and things like that; I've already made two dedicated videos on that, so if you're not sure what a Cloudflare tunnel is or how to set it up, definitely check that video out. Also, if you're not familiar with using additional security, different or additional authentication, whether it's Google or GitHub or whatever, I've made a dedicated video about that as well, and I encourage you to check out both of those tunnel videos.

So with that long preamble out of the way, let's take a look at getting Guacamole set up and configured with Cloudflare
tunnels. So the first thing we're going to do is actually take a look at the Guacamole only container that we're going to use here. I'm over on hub.docker.com; I'll put a link to this and everything else in the description down below. But if we take a look (I'm not going to try, I'll butcher that, I'm not even going to try), we can see "updated four days ago", and we can kind of get an idea of all of the stuff going on here. He's done a really good job of documenting everything. I say "he", I shouldn't assume, but this developer has done a really good job of documenting everything, from the Docker Compose that you're going to use to any extensions that are available on this, including LDAP, two-factor authentication, OpenID, TOTP two-factor authentication, ad hocs, SAML; lots of different options in here that you can configure. We're not going to in this video, because again we're going to do this with Cloudflare tunnels, and I've already shown how to add third-party authentication with Cloudflare tunnels in another video. So we're not going to add any of these extensions; just know that they are available.

When you first get logged in, or when you first get this set up rather, you're going to have to log in, and the username and password for that is right here under default user: the username and the password are both guacadmin. I suggest changing those once we get logged in.

Basically this is the Docker Compose that we're going to use for this. I've cleaned it up a little bit and I put it in a notepad in my other screen over here, but this is more or less what we're going to use to deploy this on our Docker container, or our Docker server, using Portainer. And then of course there's more information down here. I definitely recommend going and checking this out; it's got a lot of good information in here if you're not sure, if you've got questions, whatever the case is there. Now that we have that information, let's jump over to our Portainer
instance and go ahead and get this installed.

So what we're going to do, obviously, I'm going to jump over to my Portainer. Of course you're going to land somewhere like this. I'm just going to come over here to Stacks, over here on the left-hand side, and I'm going to add a stack to this, and I'm just going to paste this in here, and then we're going to come back and talk about it. I'm going to call this new guac, just like so.

So basically, if we take a look at the Docker Compose in the web editor here, it's a version three Docker Compose. We've got just one service in here, which is guacamole. Our image is, again, this developer's name and then slash guacamole. The container name is also just guacamole. Very standard, very straightforward here. We're going to have a volume to store the data for this, and this is a Docker volume that we're using here. You could change this to a mapped volume if you wanted to, just by doing something like home slash docker slash containers slash... actually, yeah, and then it was called guac, right? You could do something like that if you wanted to. If you went this route of the mapped volume like I'm showing here, of course you would just go ahead and remove the volumes section down below, but since we're not using a mapped volume, we need to have this volume declared down here just so that the container knows what to do.

So we've got our volume here that we just talked about, and of course ports. You can change the ports on here if you need to; however, only change the left-hand side here. Don't change anything after the colon. The container is put together in such a way that it depends on the information on the right side of the colon, whether that's the ports or the volumes or whatever. I never change anything on the right-hand side of the colon there. I'm just going to make something up here; I'll do 8194, sure, why not. And that's all we need to do at this point. So with that out of
the way, once we're comfortable with how this looks, we're ready to go ahead and deploy. We'll just scroll down to the very bottom where it says "deploy the stack" down here. We're going to give this just a second to do its thing; this should only take a couple of minutes, tops. Of course the Guacamole image is about 450-ish megs. If you're not ever sure about how big a Docker image is, you can usually find out if you go over to the hub.docker.com page and go over here to tags. So over here we can see the size of the container (the container image, rather), and it is 447.55 megs for the AMD, that's AMD and Intel, and then the ARM64. So it also supports ARM devices, which I appreciate that that is included here; we can see that that size is 427.22 megs. So just keep that in mind when you're downloading this, that your internet speed will very directly determine how fast these images download to your server.

So if we go back over here to Portainer and then just do a search for guac (oops, if I could spell), here is our new guac, the one we just deployed. You can see I've been messing with some other stuff in here as well, but we're going to go with this new guac option right here, and if we just click right there, immediately it just drops us into our dashboard. Of course this is only accessing it locally; this is still on an IP address. So I'm actually going to grab that IP address and the port up there so that we can go over to Cloudflare to create the tunnel that we're going to need for accessing our Guacamole remotely.

So I'm going to jump over here to Cloudflare tunnels. You can see I've got a bunch of tunnels in here already. I'm just going to create a new tunnel, and I'm just going to call this new guac, just so that my naming conventions are synchronous, I guess, and that I don't get confused later on. Once I've got my tunnel name in, I can click on "save the tunnel", and then it's going to give me this information
on how to get this installed. Now I already have a tunnel agent on my Docker server, so I'm just going to replace the token that I've got with the one that's been given to me here. I'm just going to copy that and then I'll modify it. So now I'll come back over to my Portainer and I'll find my container for my Cloudflare agent, which is right here. I'm just going to come into here, open this up. And of course I'm only doing this because I've already got an agent; if you don't already have an agent on here, you would want to follow the steps that, again, I outline in those other videos. So I'm just going to come down to my token right here under command and I'm just going to replace it. I don't even think it's a different token, but I'm just going to go and replace it anyway, just in case, and click replace. So we'll give this a second to redeploy. Like it did: a container has been successfully created. Great.

So now we can come back over to Cloudflare. Here we can see that we've got a connector ID. I will have to of course block my IP there, that's fine. And then I'm going to click next. Okay, so the next thing it wants me to do is create a subdomain for my application here, right? So I'm just going to do guac, and I'll do dbtech.com, like so. I'm going to select HTTP for this, just because that's how we would access it over here locally. There's no HTTPS in the Docker container, so we're going to use HTTP for our service type. Then we're going to put in our IP address and port, the same IP address and port, again, that we're using to access this locally. Once we've got this, we can go ahead and click on "save hostname". Give this a second. There it is, and then we should just be able to click right there, and there we go. Now if we take a look, we're accessing this on guac.dbtech.com. Of course it would be your subdomain and domain there, but we can see that we have a secure connection, we've got a valid certificate here, everything there is good to go.
Now you'll also see here that it's asking to see text and images copied to your clipboard. That's super helpful when you're copying and pasting from one device, whatever device you're on, to the remote device, in this case, you know, maybe a server, a remote desktop, whatever the case is. You can allow or disallow the Guacamole container, or the application here, to have access to your clipboard for easier management and copying and pasting between devices. So I'm going to go ahead and allow that.

Then I'm going to go log in. Again, it's guacadmin for your username and password. And the first thing I want to do here, obviously, is go to settings, go to users, go to here, and I want to change my password, just because I don't want to use guacadmin. Now you could actually take this a step further: create a new user, right? So you would just come over here, click on "create new user", like so, like so, and click save. This is probably the better way to do it. Then I'm going to log out, I'm going to log back in, and then I'm going to come back up to here, go to settings... oh, I didn't give myself admin privileges, so way to go, me. Let's do that. I can't believe I missed that. But users, dbtech, and then system admin, create new users; I'm just going to give myself all of the privileges, and I'm going to click save, and then I'm going to log out and I'm going to log back in. So I'm going to come over here to guacadmin. I'm going to delete that user just so there's no chance of somebody trying to use that user later on. I think it's just good practice to remove the default user: create your own user first, obviously, and then delete the default user that's in there, just for better security.

So once we've got that, what we want to do, obviously, is make it so that we can remote into other devices. So let's go ahead and do that. Let's come back over here to connections up here at the top, and we're going to create a new connection. And there's a bunch of stuff in here because there are so many different
protocols that you can use, like Kubernetes, RDP, SSH, Telnet, VNC; all of those are available in here. So there are lots of different things in here that you can use to add different, you know, credentials or flags or criteria to each of those different protocols. Again, for the sake of keeping things simple, I'm just going to show SSH and RDP for this.

So I'm actually going to change this to RDP. I'm just going to call this laptop; this is the laptop, again, that's in the other room. So what we want to do next is go down here to where it says parameters, network. The hostname is going to be the IP address of that, 39, like so, and then the port for RDP is 3389, I believe. Let me double check that. Yeah, so the port for RDP, Remote Desktop Protocol for Windows, is 3389. So we've got our hostname and our port, but then we're going to put in the username and password for that system.

Now here's the thing to keep in mind with that: you will need to make sure that Remote Desktop Protocol is enabled on any device that you want, or any Windows device that you want, to connect to. So the easiest way to do that is come down to your start button and type in "allow remote invitations"... nope, it's there. Of course this is on Windows 11. So "connect and use this PC from another device using the remote desktop platform" is what you're looking for. Again, whether that's on Windows 10 or 11, it is a little bit different on 10 than it is on 11, or 11 versus 10,
whatever. You need to make sure that you have remote desktop enabled before you can do this, so that's something to keep in mind. And in order to enable Remote Desktop Protocol on Windows, you also need to make sure that your user account has a password. I know a lot of times when I set up a Windows PC or laptop that doesn't go anywhere, I don't put a password on it because I don't care. However, for security reasons, for remote desktop you do need to have a username and password set up on any of the Windows devices you're trying to connect to. So there you go.

So once we've got that, we can go ahead and put in our username and our password. And then, because chances are you're not going to be on any kind of a domain for your home network (you might be, but I doubt it), you want to make sure that you come down here and ignore the server certificate. If you don't do that, it'll throw an error and it won't let you connect. So I think that's all we need to do here. So we're going to go ahead and scroll down, we're going to click on save, and then what we need to do is come back up to the top right where our username is, click on home, and then it brings us back to here. I hate that they're in two separate areas, but it is what it is.

So I'm going to go ahead and click on laptop, and as long as anything doesn't go wrong... give this a second... there we go. Here we can see that I am logged into a different PC entirely. This is, you know, the PC, again, I've got in the other room. Let me show you what remote desktop configuration looks like there. So (oops) we're going to do "allow remote connections to this computer", and then remote desktop is right here, and then you can click on "show settings". And then again, for Windows 10 it will be under remote desktop here, and then "allow remote connections to the server", and then make sure that "allow connections only from computers running remote desktop with Network Level Authentication" is ticked there. Once you're good with
that, you can click OK. And of course here we're already loaded into a different system; this is remote desktop, and we can kind of see what's going on there. You know, I've got some Audition stuff up, I have some recordings I did yesterday. Of course I've got a terminal here; right there we can see the IP address that we used. Of course there's also a Wi-Fi option there, because that's a laptop that has Wi-Fi, go figure. That's how easy it is to get remoted into a Windows system using RDP via guac via Cloudflare tunnels. Very, very straightforward, very easy.

So let's do one more quick one here. Also, since there's really no option, there's no little tab over here on either side or anywhere, when you're on Windows you can just come over to here, down to the bottom right where the Windows button is, or in the middle if you're on Windows 11, click the power button and then click disconnect. It's going to throw this up: you can say, do you want to reconnect, go home or log out. I'm going to say go home, and it's going to bring us back to our dashboard here.

So now let's do one more, but we're going to do SSH this time. We're going to do connections, we're going to create a new connection again, we're going to give this a name. I'm going to call this Jarvis. This will be SSH. Our hostname... nope, we're going to come down to our network hostname, like so. I'm going to give it a port. If you had a public host you could put that in; I'm not going to, but you could. Also notice that there's an option for a private key. You could use that as well: if you had SSH keys set up, you could absolutely put your private key in here and connect without a password. I don't have that set up presently, but you absolutely could do that. And that's really all you need here, is just the name, the protocol, the network hostname and the network port, and your username and password. We're going to scroll down, click save. Again we're going to come up to the top right, click
home, and then we're going to go over here to Jarvis, and there we go. Just that quickly and easily, I'm logged in to Jarvis via SSH so that I can do any kind of remote administration I might need to do, both on, now, Jarvis as well as that laptop. You can add as many different connections as you'd like for both, you know, like we saw earlier. But first let me get logged out of here. All we've got to do is just do exit. It's going to log out; again, I can go home.

But you can do as many of the different connections as you want. If you go over here under connections, you can also see history of who has logged in, who has done what, where they've connected, what the remote hostname was. Again, you can add new users like we did at the beginning of this. We can do groups, where we can set up group designations for people. So maybe you've got a lot of different people that are going to remote into stuff; you can set up groups, give them specific permissions if you want to do that, you can say who they're allowed to connect to. So I kind of like that there's some control as to who can do what, very, very easily, with groups here. If we come back again, we can go to connections, we can create a new connection, we can create a new group under those connections, so you can kind of group different connections together if you wanted to do that. Again, new connections, lots of options in here. Again, we've got all kinds of different protocols in here we can create connections with. And if we go to preferences, you know, you can change your display language, your time zone, current new passwords, default input method and default mouse emulation mode. So lots of different options in there.

And of course, like I said, I would highly recommend adding an additional layer of authentication to this. In fact, if we come back over to here (oops, I lied), if we come back over to here, again this is guac.dbtech.com. If I disable my current
configuration here from Cloudflare and I refresh, I say, hey, you can't visit this, you can't access this site, because of the way I've got my Cloudflare security set up.

So I know this is kind of a long video, and I only a little bit apologize for that. I wanted to make sure we had a good foundational understanding of how to get Guacamole installed and then get a tunnel installed and get the tunnel attached to the container. So hopefully you found the video helpful. If you did, do me a favor, give the video a thumbs up; that really does help me out quite a bit. If you know of anybody who's looking for this solution, definitely share this video with them. But I think that's going to kind of cover everything I wanted to cover in this video, so with that said, I'm going to wrap this up. I want to thank you guys for spending a few minutes of your day with me today, and I'll talk to you in the next video.
Info
Channel: DB Tech
Views: 82,641
Keywords: cloudflare tunnel, cloudflare, cloudflare tunnel tutorial, cloudflare tunnel localhost, how to uise cloudflare tunnel, cloudflare access, cloudflare tunnel ssh, cloudflare argo tunnel, cloudflare tunnel setup, how to use cloudflare tunnel, home server remote access, cloudflare tunnel vpn, cloudflare tunnel docker, guacamole remote access, using cloudflare tunnel, cloudflare tunnel guide, guacamole, synology and cloudflare
Id: tg1CbMEzCsc
Length: 21min 18sec (1278 seconds)
Published: Thu Jan 19 2023